Questions tagged [forward-secrecy]

Forward secrecy is a cryptographic property of a protocol ensuring that a future compromise of a long-term key (e.g. the private key behind a TLS certificate) does not let an adversary recover the short-term (session) keys and decrypt past communications. Unless the adversary actively mounted a man-in-the-middle attack at the time of the session, past traffic remains unreadable under protocols that have this property.

36 questions
108
votes
6 answers

Why can't I MitM a Diffie-Hellman key exchange?

After reading the selected answer of "Diffie-Hellman Key Exchange" in plain English 5 times I can't, for the life of me, understand how it protects me from a MitM attack. Given the following excerpt (from tylerl's answer): I come up with two prime…
38
votes
7 answers

Recommended ssl_ciphers for security, compatibility - Perfect Forward secrecy

I'm currently using nginx with the following ciphers: ssl_ciphers HIGH:!aNULL:!eNULL:!LOW:!ADH:!RC4:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS; I would like to maintain compatibility with older browsers, especially also older mobile browsers, and therefore not…
binaryanomaly
12
votes
2 answers

Forward secrecy for kids

In the Scouts, it is popular to use secret codes to write messages (which are simple ciphers). I want to introduce Forward secrecy to the kids so they can use it with these ciphers. So, if the competing team found a ciphered message and decoded it…
9
votes
1 answer

Forward secrecy with GnuPG

I'd like to know how to implement forward secrecy using GnuPG, and I presume I need some kind of authenticated key exchange. Assuming that I have the following working already: Alice and Bob have both generated their own regular asymmetric…
user171587
7
votes
1 answer

Does Perfect Forward Secrecy (PFS) make Man-in-the-Middle (MitM) attacks more difficult?

Does Perfect Forward Secrecy (PFS) make Man-in-the-Middle (MitM) attacks more difficult? If not, why?
Geremia
6
votes
2 answers

nginx recommended ssl_ciphers

I am looking for some advice on setting the ciphers for nginx with SSL. What would you recommend for a good compromise between security and compatibility at the moment? I have done some research, but the solutions are sometimes very different and it…
Michael
6
votes
2 answers

How to enforce Perfect Forward Secrecy using JVM properties?

According to this blogpost Perfect Forward Secrecy (PFS) is provided by: Anything on the Algorithm Standard Name list that start with TLS (Transport Level Security) followed by a type of DHE (Diffie-Hellman Exchange). E.g.…
drox
5
votes
2 answers

Why do the banks all use weaker TLS suites?

I've been checking out various TLS certificates lately and noticed that most of the banks seem to have the following two issues: 1) They do not offer perfect forward secrecy 2) They are still using RC4 So far, all the ones I've checked (TD,…
Ethan
5
votes
1 answer

PFS on nginx: only RC4 gets used (TLS_ECDHE_RSA_WITH_RC4_128_SHA)

I'm trying to configure my webserver for perfect forward secrecy. I'm using ssl_ciphers…
user193565
4
votes
1 answer

Forward Secrecy in TLS-PSK

I'm reading RFC4279 (Pre-Shared Key Ciphersuites for Transport Layer Security), Section 7.1, which is about Perfect Forward Secrecy. In that section, it's said that PSK/RSA_PSK ciphersuites don't provide forward secrecy. But, if I'm not wrong, PSKs…
4
votes
1 answer

Defending against private key leaks such as those enabled by Heartbleed

More and more evidence seems to be surfacing that the Heartbleed vulnerability leaks the private key portion of the SSL certificate in use. As such this can actually mean that if an attacker was also able to passively monitor SSL traffic, when they…
deed02392
4
votes
1 answer

Do the Secret Chats of Telegram really support Perfect Forward Secrecy?

In the Telegram API it is stated that Telegram supports Perfect Forward Secrecy in their "secret chats". It is also stated that official Telegram clients will initiate re-keying once a key has been used to decrypt and encrypt more than 100…
ayyyda
4
votes
1 answer

Is forward secrecy useful for an application where keeping message history is an integral part?

I am writing a decentralized application that lets certain privileged users post messages to other users. These messages should be encrypted so that only the two of them can read it. Messages are posted onto IPFS, so that anyone can read the…
3
votes
1 answer

PFS incentive during IKE Phase 2

I'm trying to see the actual point in implementing Perfect Forward Secrecy during Internet Key Exchange Phase 2, if it had already been used during Phase 1. Quoting the IKEv2 RFC: RFC 5596 3.3.2. Transform Substructure [...] Although ESP and AH do…
Aym_C
3
votes
1 answer

Can an old SSH session be reconstructed given root access to the server?

Say that A is behind a firewall that logs all packets, communicating with B over a publickey-authenticated SSH connection: A <-------- {ssh} --------> B v v [Encrypted packets all logged] The firewall is unable…
Joseph